VIR Vulnerability Intelligence Relay

CVE-2012-1792

low
Published 2012-05-27 · Modified 2026-04-29
CVSS v3
CVSS v2
2.6
VIR risk
2.6

Description

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
oscommerceonline_merchant
oscommerceonline_merchant2.2
oscommerceonline_merchant2.3.0
oscommerceonline_merchant2.3.1

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.